Difference between revisions of "Queue Tree with more than two interfaces"

From MikroTik Wiki
Jump to: navigation, search
Line 30: Line 30:
 
And now is the most important part in this case.
 
And now is the most important part in this case.
  
As we will make Queue for uplink and downlink traffic, we need packet-marks. In this example, we use "test-up" for uplink traffic, and "test-down" for downlink traffic.
+
We need to mark our users. One connectoin for upload and second for download. In this example I add mangle for two users, user10 and user50. At the end I add mangle for local transmission because I don't QoS local trafic emong users.
 
 
For uplink traffic, it's quite simple. We need only one rule, using SRC-ADDRESS and IN-INTERFACE parameters, and using PREROUTING chain. Rule number #0.
 
 
 
But for downlink, we have to make sevaral rules. As we use masquerading, we need Connection Mark, named as "test-conn". Rule no #1.
 
 
 
Then we have to make 2 more rules. First rule is for non-HTTP connection / direct connection. We use chain forward, as the data traveling through the router. Rule no #2.
 
 
 
The second rule is for data coming from web-proxy to the client. We use OUTPUT chain, as the data coming from internal process in the router itself. Rule no #3.
 
 
 
For both rules (no #2 and #3) we named it "test-down".
 
 
 
Please be aware, we use passthrough only for connection mark (rule no #1).
 
 
 
 
   
 
   
 
  [admin@instaler] ip firewall mangle> print
 
  [admin@instaler] ip firewall mangle> print
Line 54: Line 41:
  
 
  2  chain=forward connection-mark=users-10U action=mark-packet  
 
  2  chain=forward connection-mark=users-10U action=mark-packet  
     new-packet-mark=10 passthrough=yes  
+
     new-packet-mark=user10 passthrough=yes  
  
 
  3  chain=forward connection-mark=users-10D action=mark-packet  
 
  3  chain=forward connection-mark=users-10D action=mark-packet  
     new-packet-mark=10 passthrough=yes  
+
     new-packet-mark=user10 passthrough=yes  
  
  4  chain=forward src-address=10.10.2.10
+
  4  chain=forward src-address=10.10.3.50
     action=mark-connection new-connection-mark=users-10U passthrough=yes  
+
     action=mark-connection new-connection-mark=users-50U passthrough=yes  
  
  5  chain=forward dst-address=10.10.2.10
+
  5  chain=forward dst-address=10.10.3.50
     action=mark-connection new-connection-mark=users-10D passthrough=yes  
+
     action=mark-connection new-connection-mark=users-50D passthrough=yes  
  
 
  6  chain=forward connection-mark=users-10U action=mark-packet  
 
  6  chain=forward connection-mark=users-10U action=mark-packet  
     new-packet-mark=10 passthrough=yes  
+
     new-packet-mark=user50 passthrough=yes  
  
 
  7  chain=forward connection-mark=users-10D action=mark-packet  
 
  7  chain=forward connection-mark=users-10D action=mark-packet  
     new-packet-mark=10 passthrough=yes  
+
     new-packet-mark=user50 passthrough=yes  
  
 
  98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16  
 
  98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16  
Line 95: Line 82:
 
     burst-threshold=0 burst-time=0s
 
     burst-threshold=0 burst-time=0s
  
You can use those mangle also with PCQ.
 
  
Any question, you can contact me at : info(at)mikrotik(dot)co(dot)id
 
  
Valens Riyadi
+
 
 +
 
 +
Ondřej Fišer

Revision as of 12:37, 24 February 2007

Basic Setup

This page will tak about how to make QUEUE TREE in RouterOS that with Masquerading for more than two interfaces. It's for sharing internet connection among users on each interfacess. In manual this possibility isn't writted.


First, let's set the basic setting first. I'm using a machine with 3 or more network interfaces:

[admin@instaler] > in pr
#    NAME       TYPE    RX-RATE    TX-RATE    MTU  
0  R public     ether   0          0          1500 
1  R wifi1      wlan    0          0          1500
2  R wifi2      wlan    0          0          1500
3  R wifi3      wlan    0          0          1500

And this is the IP Addresses for each interface:

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic 
#  ADDRESS           NETWORK      BROADCAST      INTERFACE
0  10.20.1.0/24      10.20.1.0    10.20.1.255    public   
1  10.10.2.0/24      10.10.2.0    10.10.2.255    wifi1
2  10.10.3.0/24      10.10.3.0    10.10.3.255    wifi2
3  10.10.4.0/24      10.10.4.0    10.10.4.255    wifi3

On the public you can add NAT or proxy if you want.

Mangle Setup

And now is the most important part in this case.

We need to mark our users. One connectoin for upload and second for download. In this example I add mangle for two users, user10 and user50. At the end I add mangle for local transmission because I don't QoS local trafic emong users.

[admin@instaler] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
0   chain=forward src-address=10.10.2.10 
    action=mark-connection new-connection-mark=users-10U passthrough=yes 
1   chain=forward dst-address=10.10.2.10 
    action=mark-connection new-connection-mark=users-10D passthrough=yes 
2   chain=forward connection-mark=users-10U action=mark-packet 
    new-packet-mark=user10 passthrough=yes 
3   chain=forward connection-mark=users-10D action=mark-packet 
    new-packet-mark=user10 passthrough=yes 
4   chain=forward src-address=10.10.3.50 
    action=mark-connection new-connection-mark=users-50U passthrough=yes 
5   chain=forward dst-address=10.10.3.50
    action=mark-connection new-connection-mark=users-50D passthrough=yes 
6   chain=forward connection-mark=users-10U action=mark-packet 
    new-packet-mark=user50 passthrough=yes 
7   chain=forward connection-mark=users-10D action=mark-packet 
    new-packet-mark=user50 passthrough=yes 
98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16 
    action=mark-connection new-connection-mark=users-lokal passthrough=yes 
99  chain=forward connection-mark=users-lokal action=mark-packet 
    new-packet-mark=lokalTrafic passthrough=yes 


Queue Tree Setup

And now, the queue tree setting. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. for downlink traffic, we use parent "lan", the interface name for local network. And for uplink, we are using parent "global-in".

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid 
0   name="downstream" parent=lan packet-mark=test-down 
    limit-at=32000 queue=default priority=8 
    max-limit=32000 burst-limit=0 
    burst-threshold=0 burst-time=0s 

1   name="upstream" parent=global-in 
    packet-mark=test-up limit-at=32000 
    queue=default priority=8 
    max-limit=32000 burst-limit=0 
    burst-threshold=0 burst-time=0s



Ondřej Fišer